VYPR
Unrated severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026

OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php

CVE-2018-25200

Description

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.